General

  • Target

    cea118f7de437b4eca8c344356412975_JaffaCakes118

  • Size

    42KB

  • Sample

    240906-evfd9awemh

  • MD5

    cea118f7de437b4eca8c344356412975

  • SHA1

    3390430063b78b1233ad9b92a2e3162ab2234b3c

  • SHA256

    2ea2f47fa7449a8717eecee0c7d5a5627d6afdf2f56831a98685fdc79f1597da

  • SHA512

    ce36985d7bbf16a6a1c7ba7f7c296d467900fd35ab5ec6dd9c2c0d68c461e37cb0e72597e5edd8b445ca88062a6c56e99b1f001ef7f56b55dce5be3b7c2d7275

  • SSDEEP

    768:9dfTIv3TcFXBb+9hPJdXp4naxaFT9pYpe0RNa:9pIvjcYMnnhCI

Malware Config

Targets

    • Andromeda, Gamarue

      Andromeda, also known as Gamarue, is a modular botnet malware written in C++ that is primarily used to distribute other malware.

    • Detects Andromeda payload.

    • Adds policy Run key to start application

    • Deletes itself

    • Maps connected drives based on registry

      Disk information is often read in order to detect sandboxing environments.

MITRE ATT&CK Enterprise v15

Tasks